Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10/23/2018
04:38 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Battling Bots: How to Find Fake Twitter Followers

Duo researchers explain the approach they used to detect automated Twitter profiles and uncover a botnet.

The discovery of a massive botnet can start with finding a few fake Twitter followers, report Duo researchers investigating the process of identifying and analyzing automated accounts.

Earlier this summer, Duo's Olabode Anise, data scientist, and Jordan Wright, principal research and development engineer, wrapped up a project investigating how they could detect Twitter bot characteristics. The goal was to create a means of differentiating automated and legitimate accounts, and they built a classifier tool to distinguish bots based on a pre-defined set of traits.

Their research dug into one of the largest random datasets of public Twitter accounts to date, they report. As part of their project, Wright and Anise identified three specific types of bots serving different purposes. "Content-generating" bots actively create new content (spam, malicious link), "amplification" bots like and retweet content to boost a tweet's popularity, and "fake followers" are a type of amplification bot intended to inflate users' popularity.

The two today published a new report digging into the latter. Their analysis covers how fake followers operate, how they discovered an initial list of fake followers, and how they leveraged that list to unearth a botnet made up of at least 12,000 Twitter accounts.

"We understand the fake followers are just as important to the social ecosystem," says Anise. "They artificially inflate the ratio of followers to followees."

On one hand, fake followers can be used to harass, or compromise the credibility of, legitimate accounts. On the other, they can boost the popularity of fake accounts, making them appear more credible than they are. The researchers gave a talk at Black Hat USA discussing how a botnet spoofed legitimate accounts to evade detection and spread a cryptocurrency scam.

Spot the Bots

It's tough to tell when a follower is fake, and researchers explain more information is better when analyzing accounts. In general, fake followers are hard to detect on an individual level because they don't show much activity – aside from, of course, following other accounts.

But a lack of activity doesn't mean an account is malicious. Some people create Twitter accounts simply to follow other users and stay current on the news, Anise explains.

So instead of hunting fake followers on an individual basis, the researchers decided to consider their full social networks. Fake followers are typically purchased and used as groups; as a result, they tend to share characteristics because they are developed by the same operator.

But which traits set fake followers apart from real ones? After Anise and Wright wrapped their initial pool of research, the botnet they were watching began to use fake followers to trick people into thinking spoofed Twitter accounts were real. They took a closer look at the followers of a fake Elon Musk Twitter profile and explored their similarities.

"One thing that we saw was, [they were] pretty easy to identify," says Anise of the fake followers. "These bots weren't really trying to hide … if you notice patterns or have a similar account, you can use it to pivot and find other bot accounts."

Timing is one key factor. If a large group of accounts suddenly follows the same profile, for example, there's a higher likelihood they're fraudulent.

Accounts following the fake Elon Musk profile had a proverb or fortune in their profile description – a quick and easy means of bypassing spam detection. Profile completion is an easy way to determine the quality of a bot; if an account has a profile, it appears to be real. However, creating unique profiles is harder than generating random usernames.

With this in mind, the researchers could separate these bots from legitimate followers. Because they were studying the fake accounts as a group, they could observe whether similar accounts had similar behaviors. Once they found a small group of fake followers, they could branch outside that network and look for other fake accounts with similar traits.

How to Crawl for Followers

Anise and Wright uncovered the botnet with a "one-degree crawl" of a single fake follower. They found a fake account and looked at their social network, as well as the social network for each account the fake follower was following. They then applied a script to search the social network for a specific account. The result is a web of fake and legitimate profiles, connecting which fake accounts are following legitimate ones.

While it's a good start, not every bot in a botnet will follow the same people, meaning the researchers may not have caught entire groups of fake followers. To find new ones, Anise explains, they can use a bot found during their initial crawl and search its network for new fake followers. After doing this, they uncovered an additional 1,200 bots.

The two point out that large groups of fake followers have patterns that are easier to recognize; smaller groups, in contrast, may be more subtle. To find smaller groups of fake accounts, the researchers first determined when multiple accounts were created on the same day and consecutively followed a target account.

Related Content:

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
aronsalsa
50%
50%
aronsalsa,
User Rank: Apprentice
10/23/2018 | 5:19:48 PM
Fake twitter sccount
We all know that how social media is impacting everyone nowadays and twitter is one of the biggest platforms to make any statement to the world. There are many fake twitter accounts also and that has to be recognized and the given details here really making a point of out of that. 

Dell error code 2000-0142 is really supporting that.
SchemaCzar
0%
100%
SchemaCzar,
User Rank: Strategist
10/24/2018 | 10:28:22 AM
I thought they just declare every conservative account is fake
ooops, I guess that will get me booted...
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/26/2018 | 10:33:21 PM
Fake unique profiles
> "However, creating unique profiles is harder than generating random usernames."

Sure, but maybe not that much harder.

Just throw a bunch of self-designations and cliches into a program, and have it randomly spit out a few.

Example: "Marketing enthusiast, dad of 3, professional cat herder, Giants fan. Tweets are my own."
muneebkhatri
100%
0%
muneebkhatri,
User Rank: Apprentice
10/28/2018 | 5:47:50 AM
dissertation writing service
This was among the best posts and episode from your team it let me learn many new things.  
neiljakson105
0%
100%
neiljakson105,
User Rank: Guru
11/7/2018 | 11:06:24 AM
nice post
Great article. I totlly liked it. Your entire website is great. I am a finance brokers. We got folks awesome mortgages and other commercial finance. buy dissertation online
alan.martin.pmp@gmail.com
50%
50%
[email protected],
User Rank: Apprentice
3/17/2019 | 10:20:19 PM
Nice and informative post
Can I simply just say what a comfort to find somebody that really knows what they're discussing on the internet.

You definitely understand how to bring an issue to light and make it important.


More and more people really need to read this and understand this side of your story. It's surprising you're not more popular since you certainly possess the gift.
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
9/10/2019 | 2:11:09 PM
voyance-amour-eternel.com
The blog and data is excellent and informative as well 
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
9/11/2019 | 10:27:04 AM
kids science
Thanks for the informative and helpful post, obviously in your blog everything is good..  kids science
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
9/12/2019 | 8:09:01 AM
Hotmail login
Very informative post ! There is a lot of information here that can help any business get started with a successful social networking campaign !  Hotmail login
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
9/12/2019 | 8:45:20 AM
Www.hotmail.com
Writing with style and getting good compliments on the article is quite hard, to be honest.But you've done it so calmly and with so cool feeling and you've nailed the job. This article is possessed with style and I am giving good compliment. Best!  Www.hotmail.com
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
9/12/2019 | 2:48:19 PM
removalists melbourne
It is the intent to provide valuable information and best practices, including an understanding of the regulatory process.  removalists melbourne
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/7/2019 | 2:49:55 PM
Dumps
It is the intent to provide valuable information and best practices, including an understanding of the regulatory process.  https://www.Exams4Success.com | C1000-031 Exam Dumps
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/7/2019 | 3:01:21 PM
Exam
Thanks for the informative and helpful post, obviously in your blog everything is good..   Exams4Success.com | 70-348 Exam Dumps
loiuslitt
50%
50%
loiuslitt,
User Rank: Apprentice
10/8/2019 | 8:40:11 AM
Re: Exam
Can you share whitepaper of this? 



 
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/9/2019 | 10:11:15 AM
change management process
I have been searching to find a comfort or effective procedure to complete this process and I think this is the most suitable way to do it effectively. change management process
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/21/2019 | 8:54:02 AM
games birthday party kids
Took me time to understand all of the comments, but I seriously enjoyed the write-up. It proved being really helpful to me and Im positive to all of the commenters right here! Its constantly nice when you can not only be informed, but also entertained! I am certain you had enjoyable writing this write-up.  games birthday party kids
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/27/2019 | 8:18:58 AM
Modern Warfare Cheat
Hi to everybody, here everyone is sharing such knowledge, so it's fastidious to see this site, and I used to visit this blog daily  Modern Warfare Cheat
johnsoneater97
50%
50%
johnsoneater97,
User Rank: Apprentice
11/25/2019 | 12:17:03 AM
Re: Modern Warfare Cheat
https://dqfansurveyyy.xyz/

https://icloudlogin.co/

https://tcswebmail.me/
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/27/2019 | 9:45:14 AM
COD Modern warfare cheat
Cool stuff you have and you keep overhaul every one of us  COD Modern warfare cheat
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/30/2019 | 8:15:37 AM
sengkang grand condo
I have been searching to find a comfort or effective procedure to complete this process and I think this is the most suitable way to do it effectively.  sengkang grand condo
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/31/2019 | 8:31:59 AM
sengkang grand residences showflat
Excellent effort to make this blog more wonderful and attractive  sengkang grand residences showflat
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
10/31/2019 | 8:49:06 AM
leedon green price
Writing with style and getting good compliments on the article is quite hard, to be honest.But you've done it so calmly and with so cool feeling and you've nailed the job. This article is possessed with style and I am giving good compliment. Best!  leedon green price
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
11/2/2019 | 2:31:28 PM
parc canberra showflat
I curious more interest in some of them hope you will give more information on this topics in your next articles.  parc canberra showflat
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
11/2/2019 | 2:51:25 PM
Ki Residences floor plan
Thanks for the informative and helpful post, obviously in your blog everything is good..  Ki Residences floor plan
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
11/5/2019 | 6:22:52 AM
goldarmbnder damen
I'm happy I located this blog! From time to time, students want to cognitive the keys of productive literary essays composing. Your first-class knowledge about this good post can become a proper basis for such people. nice one  goldarmbänder damen
jeenajohn
50%
50%
jeenajohn,
User Rank: Apprentice
11/7/2019 | 5:49:09 AM
Cole
Took me time to understand all of the comments, but I seriously enjoyed the write-up. It proved being really helpful to me and Im positive to all of the commenters right here! Its constantly nice when you can not only be informed, but also entertained! I am certain you had enjoyable writing this write-up.  damen armband silber
KenT806
50%
50%
KenT806,
User Rank: Apprentice
11/17/2019 | 3:27:52 AM
Sinda
I am always searching online for articles that can help me. There is obviously a lot to know about this. I think you made some good points in Features also. Keep working, great job!

 
KenT806
50%
50%
KenT806,
User Rank: Apprentice
12/3/2019 | 2:28:07 AM
Thanks for Sharing
This is really very nice post you shared, i like the post, thanks for sharing .. Rent Singapore
KenT806
50%
50%
KenT806,
User Rank: Apprentice
12/4/2019 | 2:39:16 AM
Thanks for the info
KenT806
50%
50%
KenT806,
User Rank: Apprentice
12/5/2019 | 10:21:58 AM
Thanks for the Post
There is obviously a lot to know about this. I think you made some good points.  Rent Singapore
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...